mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
112 lines
3.5 KiB
Python
112 lines
3.5 KiB
Python
# Authors: Karl MacMillan <kmacmillan@redhat.com>
|
|
#
|
|
# Copyright (C) 2007 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
|
|
from ipapython import ipautil
|
|
import shutil
|
|
|
|
ntp_conf = """# Permit time synchronization with our time source, but do not
|
|
# permit the source to query or modify the service on this system.
|
|
restrict default kod nomodify notrap nopeer noquery
|
|
restrict -6 default kod nomodify notrap nopeer noquery
|
|
|
|
# Permit all access over the loopback interface. This could
|
|
# be tightened as well, but to do so would effect some of
|
|
# the administrative functions.
|
|
restrict 127.0.0.1
|
|
restrict -6 ::1
|
|
|
|
# Hosts on local network are less restricted.
|
|
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
|
|
|
# Use public servers from the pool.ntp.org project.
|
|
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
|
server $SERVER
|
|
|
|
#broadcast 192.168.1.255 key 42 # broadcast server
|
|
#broadcastclient # broadcast client
|
|
#broadcast 224.0.1.1 key 42 # multicast server
|
|
#multicastclient 224.0.1.1 # multicast client
|
|
#manycastserver 239.255.254.254 # manycast server
|
|
#manycastclient 239.255.254.254 key 42 # manycast client
|
|
|
|
# Undisciplined Local Clock. This is a fake driver intended for backup
|
|
# and when no outside source of synchronized time is available.
|
|
server 127.127.1.0 # local clock
|
|
#fudge 127.127.1.0 stratum 10
|
|
|
|
# Drift file. Put this in a directory which the daemon can write to.
|
|
# No symbolic links allowed, either, since the daemon updates the file
|
|
# by creating a temporary in the same directory and then rename()'ing
|
|
# it to the file.
|
|
driftfile /var/lib/ntp/drift
|
|
|
|
# Key file containing the keys and key identifiers used when operating
|
|
# with symmetric key cryptography.
|
|
keys /etc/ntp/keys
|
|
|
|
# Specify the key identifiers which are trusted.
|
|
#trustedkey 4 8 42
|
|
|
|
# Specify the key identifier to use with the ntpdc utility.
|
|
#requestkey 8
|
|
|
|
# Specify the key identifier to use with the ntpq utility.
|
|
#controlkey 8
|
|
"""
|
|
|
|
ntp_sysconfig = """# Drop root to id 'ntp:ntp' by default.
|
|
OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
|
|
|
|
# Set to 'yes' to sync hw clock after successful ntpdate
|
|
SYNC_HWCLOCK=yes
|
|
|
|
# Additional options for ntpdate
|
|
NTPDATE_OPTIONS=""
|
|
"""
|
|
|
|
def config_ntp(server_fqdn, fstore = None):
|
|
sub_dict = { }
|
|
sub_dict["SERVER"] = server_fqdn
|
|
|
|
nc = ipautil.template_str(ntp_conf, sub_dict)
|
|
|
|
if fstore:
|
|
fstore.backup_file("/etc/ntp.conf")
|
|
else:
|
|
shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave")
|
|
|
|
fd = open("/etc/ntp.conf", "w")
|
|
fd.write(nc)
|
|
fd.close()
|
|
|
|
if fstore:
|
|
fstore.backup_file("/etc/sysconfig/ntpd")
|
|
else:
|
|
shutil.copy("/etc/sysconfig/ntpd", "/etc/sysconfig/ntpd.ipasave")
|
|
|
|
fd = open("/etc/sysconfig/ntpd", "w")
|
|
fd.write(ntp_sysconfig)
|
|
fd.close()
|
|
|
|
# Set the ntpd to start on boot
|
|
ipautil.run(["/sbin/chkconfig", "ntpd", "on"])
|
|
|
|
# Restart ntpd
|
|
ipautil.run(["/sbin/service", "ntpd", "restart"])
|